Adware.Shopper.363

Added to the Dr.Web virus database: 2013-09-02

Virus description added:

Technical Information

To ensure autorun and distribution:
Modifies the following registry keys:
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Del662489' = 'cmd.exe /Q /D /c del "%TEMP%\0.del"'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Del662489' = 'cmd.exe /Q /D /c del "%TEMP%\0.del"'
Creates or modifies the following files:
  • %WINDIR%\Tasks\SaveSenseLiveUpdateTaskMachineUA.job
  • %WINDIR%\Tasks\SaveSenseLiveUpdateTaskMachineCore.job
  • %WINDIR%\Tasks\SaveSense.job
Creates the following services:
  • [<HKLM>\SYSTEM\ControlSet001\services\savesenselive] 'Start' = '00000002'
Malicious functions:
Creates and executes the following:
  • '%PROGRAM_FILES%\SaveSenseLive\Update\SaveSenseLive.exe' /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB2ZXJzaW9uPSIxLjMuMjMuMCIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins5M0VFNUJGRC00N0U1LTQ1QzktQTk3NC0zRUQ4MzI4RkU2NTh9IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0ie0M2ODc0NERDLUUwRjctNEVBRC1CMzIxLTBEQzNBMjkwMUI5M30iPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEiIHNwPSJTZXJ2aWNlIFBhY2sgMSIgYXJjaD0ieDg2Ii8-PGFwcCBhcHBpZD0iezY3NGJhYzI3LWZkMDItNGVkYS1iNDY2LWM0MTgyZDU5ZjlhYX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuMy4yMy4wIiBsYW5nPSJlbiIgYnJhbmQ9IiIgY2xpZW50PSIlN2IlMjJoJTIyJTNhJTIydjI1MzA2MjkwOTIyODMyOTcyMzI3MjIyMDEzMTIxMjE1NTIzMDAzJTIyJTJjJTIycCUyMiUzYSUyMmNhbmQlMjIlMmMlMjJjJTIyJTNhJTIyY2FuZCUyMiUyYyUyMnYlMjIlM2ElMjI1MzA2JTIyJTdkIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
  • '%PROGRAM_FILES%\SaveSenseLive\Update\SaveSenseLive.exe' /regserver
  • '%PROGRAM_FILES%\SaveSenseLive\Update\SaveSenseLive.exe' /regsvc
  • '%PROGRAM_FILES%\SaveSenseLive\Update\SaveSenseLive.exe' /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB2ZXJzaW9uPSIxLjMuMjMuMCIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins5M0VFNUJGRC00N0U1LTQ1QzktQTk3NC0zRUQ4MzI4RkU2NTh9IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0iezA2NTdCNEU1LUMyMzUtNDFDMi04MkY1LTRDODYyMzA3MERCOH0iPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEiIHNwPSJTZXJ2aWNlIFBhY2sgMSIgYXJjaD0ieDg2Ii8-PGFwcCBhcHBpZD0iezA5RjIyNTM2LTM1NkYtNEFCRC04M0FFLTc2QUJCNTYyRTg5MX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSIiIGNsaWVudD0iJTdiJTIyaCUyMiUzYSUyMnYyNTMwNjI5MDkyMjgzMjk3MjMyNzIyMjAxMzEyMTIxNTUyMzAwMyUyMiUyYyUyMnAlMjIlM2ElMjJjYW5kJTIyJTJjJTIyYyUyMiUzYSUyMmNhbmQlMjIlMmMlMjJ2JTIyJTNhJTIyNTMwNiUyMiU3ZCIgaW5zdGFsbGFnZT0iLTEiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0xMDcyODk2NzYwIiBleHRyYWNvZGUxPSIyNjg0MzU0NTkiLz48L2FwcD48L3JlcXVlc3Q-
  • '%PROGRAM_FILES%\SaveSenseLive\Update\SaveSenseLive.exe' /svc
  • '%PROGRAM_FILES%\SaveSenseLive\Update\SaveSenseLive.exe' /handoff "appguid={09f22536-356f-4abd-83ae-76abb562e891}&appname=SaveSenseLive&needsadmin=True&lang=en&client=%7b%22h%22%3a%22v25306290922832972327222013121215523003%22%2c%22p%22%3a%22cand%22%2c%22c%22%3a%22cand%22%2c%22v%22%3a%225306%22%7d" /installsource otherinstallcmd /sessionid "{93EE5BFD-47E5-45C9-A974-3ED8328FE658}" /silent
  • '%TEMP%\SaveSenseUpdateVer.exe' /install
  • '%TEMP%\{43A566A3-5E95-4B04-A707-E6B336F8F86F}\files\uninst.exe' /S /OPTIMIZE /PARTNER=cand /CHANNEL= /i
  • '<Current directory>\sas.exe' /S /OPTIMIZE /PARTNER=cand /CHANNEL=
  • '%TEMP%\GUM2CF9.tmp\SaveSenseLive.exe' /silent /install "appguid={09f22536-356f-4abd-83ae-76abb562e891}&appname=SaveSenseLive&needsadmin=True&lang=en&client=%7b%22h%22%3a%22v25306290922832972327222013121215523003%22%2c%22p%22%3a%22cand%22%2c%22c%22%3a%22cand%22%2c%22v%22%3a%225306%22%7d"
  • '%TEMP%\{43A566A3-5E95-4B04-A707-E6B336F8F86F}\o-update\SaveSenseLive.exe' /silent /install "appguid={09f22536-356f-4abd-83ae-76abb562e891}&appname=SaveSenseLive&needsadmin=True&lang=en&client=%7b%22h%22%3a%22v25306290922832972327222013121215523003%22%2c%22p%22%3a%22cand%22%2c%22c%22%3a%22cand%22%2c%22v%22%3a%225306%22%7d"
  • '%APPDATA%\Roaming\SaveSense\UpdateProc\UpdateTask.exe' /ReportI /C=259
Executes the following:
  • '<SYSTEM32>\timeout.exe' 3
  • '<SYSTEM32>\msiexec.exe' /V
  • '<SYSTEM32>\schtasks.exe' /create /F /tn "SaveSense" /xml "%TEMP%\662583.xml"
  • '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\SaveSense\SaveSenseIE.dll"
  • '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\SaveSense\SaveSenseIE64.dll"
Modifies file system:
Creates the following files:
Deletes the following files:
Network activity:
Connects to:
  • 'to###.updaterss.com':80
  • 'oc##.#omodoca.com':80
  • 'tr###.ssfiles.com':80
  • 'to###.updaterss.com':443
  • 'cr#.##modoca.com':80
  • 'www.download.windowsupdate.com':80
  • 'up######ns.updaterss.com':443
  • 'cr#.##ertrust.com':80
  • 'oc##.#sertrust.com':80
TCP:
HTTP GET requests:
  • cr#.##modoca.com/COMODOCodeSigningCA2.crl
  • oc##.#omodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSOJaE2H4hHYQzP74hlLuO41NG%2BEAQUHsWxLH2H2gJofCW8DAeEP7bP3vECEQDxMfSimSXK7c8t3By8TNrj
  • cr#.##ertrust.com/UTN-USERFirst-Object.crl
  • www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
  • oc##.#sertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRtl6lMY2%2BiPob4twryIF%2BFfgUdvwQUK8NGq7oOyWUqRtF5R8Ri4uHa%2FLgCEBBwnU%2F1VAjXMGAB2OqRdbs%3D
HTTP POST requests:
  • to###.updaterss.com/service/update2
UDP:
  • DNS ASK oc##.#omodoca.com
  • DNS ASK cr#.##modoca.com
  • DNS ASK tr###.ssfiles.com
  • DNS ASK to###.updaterss.com
  • DNS ASK cr#.##ertrust.com
  • DNS ASK dn#.##ftncsi.com
  • DNS ASK up######ns.updaterss.com
  • DNS ASK oc##.#sertrust.com
  • DNS ASK www.download.windowsupdate.com
Miscellaneous:
Searches for the following windows:
  • ClassName: 'Shell_TrayWnd' WindowName: '(null)'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow the recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.